From 948bfc4c428b49d3931e2f037307e53d80fc77f0 Mon Sep 17 00:00:00 2001 From: alee Date: Tue, 14 Oct 2008 18:43:16 +0000 Subject: bz223361 - security domains in ldap git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@127 c9f7a03b-bd48-0410-a16d-cbbf54688b0b --- pki/base/ca/shared/conf/schema.ldif | 37 +++ .../src/com/netscape/certsrv/util/HttpInput.java | 7 +- .../netscape/cms/servlet/csadmin/DonePanel.java | 164 ++++++++--- .../netscape/cms/servlet/csadmin/GetDomainXML.java | 145 ++++++++-- .../cms/servlet/csadmin/SecurityDomainPanel.java | 33 --- .../cms/servlet/csadmin/UpdateDomainXML.java | 313 +++++++++++++++++---- pki/base/migrate/80/MigrateSecurityDomain.class | Bin 0 -> 6951 bytes pki/base/migrate/80/MigrateSecurityDomain.java | 215 ++++++++++++++ pki/base/migrate/80/readme | 29 ++ pki/base/migrate/80/schema-add.ldif | 36 +++ pki/base/migrate/build.xml | 4 + pki/base/setup/pkiremove | 94 ++++++- .../src/com/netscape/cmsutil/xml/XMLObject.java | 10 + 13 files changed, 935 insertions(+), 152 deletions(-) create mode 100644 pki/base/migrate/80/MigrateSecurityDomain.class create mode 100644 pki/base/migrate/80/MigrateSecurityDomain.java create mode 100644 pki/base/migrate/80/readme create mode 100644 pki/base/migrate/80/schema-add.ldif (limited to 'pki/base') diff --git a/pki/base/ca/shared/conf/schema.ldif b/pki/base/ca/shared/conf/schema.ldif index 4431a2730..7331749ce 100644 --- a/pki/base/ca/shared/conf/schema.ldif +++ b/pki/base/ca/shared/conf/schema.ldif @@ -348,6 +348,26 @@ changetype: modify add: attributeTypes attributeTypes: ( version-oid NAME 'version' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +dn: cn=schema +changetype: modify +add: attributeTypes +attributeTypes: ( Clone-oid NAME 'Clone' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user defined' ) + +dn: cn=schema +changetype: modify +add: attributeTypes +attributeTypes: ( DomainManager-oid NAME 'DomainManager' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user defined' ) + +dn: cn=schema +changetype: modify +add: attributeTypes +attributeTypes: ( SecurePort-oid NAME 'SecurePort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) + +dn: cn=schema +changetype: modify +add: attributeTypes +attributeTypes: ( SubsystemName-oid NAME 'SubsystemName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' ) + dn: cn=schema changetype: modify add: objectClasses @@ -392,3 +412,20 @@ dn: cn=schema changetype: modify add: objectClasses objectClasses: ( keyRecord-oid NAME 'keyRecord' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( serialno $ dateOfCreate $ dateOfModify $ keyState $ privateKeyData $ ownerName $ keySize $ metaInfo $ dateOfArchival $ dateOfRecovery $ algorithm $ publicKeyFormat $ publicKeyData $ archivedBy ) X-ORIGIN 'user defined' ) + +dn: cn=schema +changetype: modify +add: objectClasses +objectClasses: ( pkiSecurityDomain-oid NAME 'pkiSecurityDomain' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( ou $ name ) X-ORIGIN 'user defined' ) + +dn: cn=schema +changetype: modify +add: objectClasses +objectClasses: ( pkiSecurityGroup-oid NAME 'pkiSecurityGroup' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn X-ORIGIN 'user defined' ) + +dn: cn=schema +changetype: modify +add: objectClasses +objectClasses: ( pkiSubsystem-oid NAME 'pkiSubsystem' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( cn $ Host $ SecurePort $ SubsystemName $ Clone ) MAY ( DomainManager ) X-ORIGIN 'user defined' ) + + diff --git a/pki/base/common/src/com/netscape/certsrv/util/HttpInput.java b/pki/base/common/src/com/netscape/certsrv/util/HttpInput.java index 78852cff4..034cfd6cd 100644 --- a/pki/base/common/src/com/netscape/certsrv/util/HttpInput.java +++ b/pki/base/common/src/com/netscape/certsrv/util/HttpInput.java @@ -276,13 +276,14 @@ public class HttpInput return getString(request, name); } - public static String getSecurityDomainName(HttpServletRequest request, String name) throws IOException + public static String getSecurityDomainName(HttpServletRequest request, String name) + throws IOException { String v = getName(request, name); - Pattern p = Pattern.compile("[A-Za-z0-9 ]+"); + Pattern p = Pattern.compile("[A-Za-z0-9]+[A-Za-z0-9 -]*"); Matcher m = p.matcher(v); if (!m.matches()) { - throw new IOException("Invalid characters found in Security Domain Name " + v + ". Valid characters are A-Z, a-z, 0-9 and space"); + throw new IOException("Invalid characters found in Security Domain Name " + v + ". Valid characters are A-Z, a-z, 0-9, dash and space"); } return v; } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java index 28008a451..a4a0687a1 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java @@ -34,6 +34,7 @@ import com.netscape.certsrv.dbs.crldb.*; import com.netscape.certsrv.ocsp.*; import com.netscape.certsrv.logging.*; import com.netscape.cmsutil.util.Cert; +import com.netscape.cmsutil.password.*; import netscape.security.x509.*; import netscape.ldap.*; import java.net.*; @@ -82,6 +83,69 @@ public class DonePanel extends WizardPanelBase { return set; } + private LDAPConnection getLDAPConn(Context context) + throws IOException + { + IConfigStore cs = CMS.getConfigStore(); + + String host = ""; + String port = ""; + String pwd = null; + String binddn = ""; + String security = ""; + + IPasswordStore pwdStore = CMS.getPasswordStore(); + + if (pwdStore != null) { + CMS.debug("DonePanel: getLDAPConn: password store available"); + pwd = pwdStore.getPassword("internaldb"); + } + + if ( pwd == null) { + throw new IOException("DonePanel: Failed to obtain password from password store"); + } + + try { + host = cs.getString("internaldb.ldapconn.host"); + port = cs.getString("internaldb.ldapconn.port"); + binddn = cs.getString("internaldb.ldapauth.bindDN"); + security = cs.getString("internaldb.ldapconn.secureConn"); + } catch (Exception e) { + CMS.debug("DonePanel: getLDAPConn" + e.toString()); + throw new IOException( + "Failed to retrieve LDAP information from CS.cfg."); + } + + int p = -1; + + try { + p = Integer.parseInt(port); + } catch (Exception e) { + CMS.debug("DonePanel getLDAPConn: " + e.toString()); + throw new IOException("Port is not valid"); + } + + LDAPConnection conn = null; + if (security.equals("true")) { + CMS.debug("DonePanel getLDAPConn: creating secure (SSL) connection for internal ldap"); + conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory()); + } else { + CMS.debug("DonePanel getLDAPConn: creating non-secure (non-SSL) connection for internal ldap"); + conn = new LDAPConnection(); + } + + CMS.debug("DonePanel connecting to " + host + ":" + p); + try { + conn.connect(host, p, binddn, pwd); + } catch (LDAPException e) { + CMS.debug("DonePanel getLDAPConn: " + e.toString()); + throw new IOException("Failed to connect to the internal database."); + } + + return conn; + } + + /** * Display the panel. */ @@ -158,46 +222,72 @@ public class DonePanel extends WizardPanelBase { String s = getSubsystemNodeName(type); if (sdtype.equals("new")) { try { - String instanceRoot = cs.getString("instanceRoot", ""); - String domainxml = instanceRoot+"/conf/domain.xml"; - XMLObject obj = new XMLObject(new FileInputStream(domainxml)); - Node n = obj.getContainer(s); - NodeList nlist = n.getChildNodes(); - String countS = ""; - Node countnode = null; - for (int i=0; i @@ -79,6 +193,7 @@ public class UpdateDomainXML extends CMSServlet { */ protected void process(CMSRequest cmsReq) throws EBaseException { CMS.debug("UpdateDomainXML: processing..."); + String status = SUCCESS; HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); @@ -114,80 +229,172 @@ public class UpdateDomainXML extends CMSServlet { return; } - String path = CMS.getConfigStore().getString("instanceRoot", "") - + "/conf/domain.xml"; + String list = httpReq.getParameter("list"); + String type = httpReq.getParameter("type"); + String host = httpReq.getParameter("host"); + String name = httpReq.getParameter("name"); + String sport = httpReq.getParameter("sport"); + String domainmgr = httpReq.getParameter("dm"); + String clone = httpReq.getParameter("clone"); + String operation = httpReq.getParameter("operation"); - CMS.debug("UpdateDomainXML: got path=" + path); + String basedn = null; + String secstore = null; + + IConfigStore cs = CMS.getConfigStore(); try { - // set info into domain.xml - String list = httpReq.getParameter("list"); - - String type = httpReq.getParameter("type"); - String host = httpReq.getParameter("host"); - String name = httpReq.getParameter("name"); - String sport = httpReq.getParameter("sport"); - String domainmgr = httpReq.getParameter("dm"); - String clone = httpReq.getParameter("clone"); - - // insert info - CMS.debug("UpdateDomainXML: Inserting new domain info"); - XMLObject parser = new XMLObject(new FileInputStream(path)); - Node n = parser.getContainer(list); - Node parent = parser.createContainer(n, type); - parser.addItemToContainer(parent, "SubsystemName", name); - parser.addItemToContainer(parent, "Host", host); - parser.addItemToContainer(parent, "SecurePort", sport); - parser.addItemToContainer(parent, "DomainManager", domainmgr); - parser.addItemToContainer(parent, "Clone", clone); - - String countS = ""; - NodeList nlist = n.getChildNodes(); - Node countnode = null; - for (int i=0; i "); + System.exit(0); + } + + String instRoot = args[0]; + String dmPass = args[1]; + + XMLObject parser = null; + // get the security domain data from the domain.xml file + try { + String path = instRoot + "/conf/domain.xml"; + System.out.println("MigrateSecurityDomain: Reading domain.xml from file ..."); + parser = new XMLObject(new FileInputStream(path)); + + } + catch (Exception e) { + System.out.println("MigrateSecurityDomain: Unable to get domain info from domain.xml file"); + System.out.println(e.toString()); + System.exit(1); + } + + try { + String configFile = instRoot + "/conf/CS.cfg"; + FileConfigStore cs = new FileConfigStore(configFile); + + LDAPConnection conn = null; + conn = MigrateSecurityDomain.getLDAPConn(cs, dmPass); + if (conn == null) { + System.out.println("MigrateSecurityDomain: Failed to connect to internal database"); + System.exit(1); + } + + // add new schema elements + String importFile = "./schema-add.ldif"; + try { + LDAPUtil.importLDIF(conn, importFile); + } catch (Exception e) { + System.out.println("MigrateSecurityDomain: Error in adding new schema elements"); + System.exit(1); + } + // create the containers + String basedn = cs.getString("internaldb.basedn"); + String secdomain = parser.getValue("Name"); + + try { + String dn = "ou=Security Domain," + basedn; + System.out.println("MigrateSecurityDomain: creating ldap entry : " + dn); + + LDAPEntry entry = null; + LDAPAttributeSet attrs = null; + attrs = new LDAPAttributeSet(); + attrs.add(new LDAPAttribute("objectclass", "top")); + attrs.add(new LDAPAttribute("objectclass", "organizationalUnit")); + attrs.add(new LDAPAttribute("name", secdomain)); + attrs.add(new LDAPAttribute("ou", "Security Domain")); + entry = new LDAPEntry(dn, attrs); + conn.add(entry); + } catch (LDAPException e) { + if (e.getLDAPResultCode() != 68) { + System.out.println("Unable to create security domain" + e.toString()); + System.exit(1); + } + } + + // create list containers + String clist[] = {"CAList", "OCSPList", "KRAList", "RAList", "TKSList", "TPSList"}; + for (int i=0; i< 6; i++) { + LDAPEntry entry = null; + LDAPAttributeSet attrs = null; + String dn = "cn=" + clist[i] + ",ou=Security Domain," + basedn; + attrs = new LDAPAttributeSet(); + attrs.add(new LDAPAttribute("objectclass", "top")); + attrs.add(new LDAPAttribute("objectclass", "pkiSecurityGroup")); + attrs.add(new LDAPAttribute("cn", clist[i])); + entry = new LDAPEntry(dn, attrs); + try { + conn.add(entry); + } catch (LDAPException e) { + if (e.getLDAPResultCode() != 68) { + System.out.println("Unable to create security domain list entry " + dn +": "+ e.toString()); + System.exit(1); + } + } + } + + // create system entries + String tlist[] = {"CA", "OCSP", "KRA", "RA", "TKS", "TPS"}; + Document doc = parser.getDocument(); + for (int j=0; j<6; j++) { + String type = tlist[j]; + NodeList nodeList = doc.getElementsByTagName(type); + int len = nodeList.getLength(); + for (int i = 0; i < len; i++) { + Vector v_clone = parser.getValuesFromContainer(nodeList.item(i), "Clone"); + Vector v_name = parser.getValuesFromContainer(nodeList.item(i), "SubsystemName"); + Vector v_host = parser.getValuesFromContainer(nodeList.item(i), "Host"); + Vector v_port = parser.getValuesFromContainer(nodeList.item(i), "SecurePort"); + + String cn = (String)v_host.elementAt(0) + ":" + (String)v_port.elementAt(0); + String dn = "cn=" + cn + ",cn=" + type +"List,ou=Security Domain," + basedn; + LDAPEntry entry = null; + LDAPAttributeSet attrs = null; + attrs = new LDAPAttributeSet(); + attrs.add(new LDAPAttribute("objectclass", "top")); + attrs.add(new LDAPAttribute("objectclass", "pkiSubsystem")); + attrs.add(new LDAPAttribute("Host", (String)v_host.elementAt(0))); + attrs.add(new LDAPAttribute("SecurePort", (String)v_port.elementAt(0))); + attrs.add(new LDAPAttribute("Clone", (String)v_clone.elementAt(0))); + attrs.add(new LDAPAttribute("SubsystemName", (String)v_name.elementAt(0))); + attrs.add(new LDAPAttribute("cn", cn)); + attrs.add(new LDAPAttribute("DomainManager", "true")); + entry = new LDAPEntry(dn, attrs); + + try { + conn.add(entry); + } + catch (LDAPException e) { + if (e.getLDAPResultCode() != 68) { + System.out.println("Unable to create entry " + dn +": "+ e.toString()); + } + } + } + } + cs.putString("securitydomain.store", "ldap"); + cs.commit(false); + System.out.println("MigrateSecurityDomain: Domain successfully migrated."); + } catch (Exception e) { + System.out.println("MigrateSecurityDomain: Migration failed. " + e.toString()); + } + System.exit(0); + } + +} diff --git a/pki/base/migrate/80/readme b/pki/base/migrate/80/readme new file mode 100644 index 000000000..50365c985 --- /dev/null +++ b/pki/base/migrate/80/readme @@ -0,0 +1,29 @@ +Date + + Fri Oct 3 00:37:14 EDT 2008 + +Version + + CMS 8.0 + +Overview + + In CMS8.0, the security domain data has been migrated into the + internal LDAP database to allow easier replication of this data + when cloning. Prior to this release, this information was stored + in the domain.xml configuration file on the CA serving as the Domain + Master. + +Program + + MigrateSecurityDomain - This command will add the relevant schema and migrate + security domain data that resides in domain.xml into the internal database. + The program needs only two arguments - the location of the instance root directory + (like /var/lib/pki-ca) and the directory user's password. + +Example + + Here is an example of MigrateSecurityDomain usage +java -cp /usr/share/java/ldapjdk.jar:/usr/share/java/pki/cmscore.jar:/usr/share/java/pki/cmsutil.jar:/usr/share/java/pki/certsrv.jar:. MigrateSecurityDomain /var/lib/pki-ca mypassword + + diff --git a/pki/base/migrate/80/schema-add.ldif b/pki/base/migrate/80/schema-add.ldif new file mode 100644 index 000000000..7d9cec640 --- /dev/null +++ b/pki/base/migrate/80/schema-add.ldif @@ -0,0 +1,36 @@ +dn: cn=schema +changetype: modify +add: attributeTypes +attributeTypes: ( Clone-oid NAME 'Clone' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user defined' ) + +dn: cn=schema +changetype: modify +add: attributeTypes +attributeTypes: ( DomainManager-oid NAME 'DomainManager' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user defined' ) + +dn: cn=schema +changetype: modify +add: attributeTypes +attributeTypes: ( securePort-oid NAME 'securePort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) + +dn: cn=schema +changetype: modify +add: attributeTypes +attributeTypes: ( SubsystemName-oid NAME 'SubsystemName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' ) + +dn: cn=schema +changetype: modify +add: objectClasses +objectClasses: ( pkiSecurityDomain-oid NAME 'pkiSecurityDomain' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( cn $ name ) X-ORIGIN 'user defined' ) + +dn: cn=schema +changetype: modify +add: objectClasses +objectClasses: ( pkiSecurityGroup-oid NAME 'pkiSecurityGroup' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn X-ORIGIN 'user defined' ) + +dn: cn=schema +changetype: modify +add: objectClasses +objectClasses: ( pkiSubsystem-oid NAME 'pkiSubsystem' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( cn $ Host $ SecurePort $ SubsystemName $ Clone ) MAY ( DomainManager ) X-ORIGIN 'user defined' ) + + diff --git a/pki/base/migrate/build.xml b/pki/base/migrate/build.xml index 48623cdac..bcdc1e37b 100644 --- a/pki/base/migrate/build.xml +++ b/pki/base/migrate/build.xml @@ -159,6 +159,7 @@ + + + @@ -302,6 +305,7 @@ + diff --git a/pki/base/setup/pkiremove b/pki/base/setup/pkiremove index 6ec3752b5..25335f215 100755 --- a/pki/base/setup/pkiremove +++ b/pki/base/setup/pkiremove @@ -30,7 +30,7 @@ # -pki_instance_name= # Unique PKI subsystem # # instance name # # (e. g. - pki-pki1) -# +# # [-force] # Don't ask any # # questions # @@ -195,7 +195,7 @@ sub usage() print( STDOUT "Example: pkiremove -pki_instance_root=/var/lib " - . "-pki_instance_name=$pki_flavor-ca1\n\n" ); + . "-pki_instance_name=$pki_flavor-ca1\n\n " ); print( STDOUT "IMPORTANT: Must be run as root!\n\n" ); @@ -203,6 +203,93 @@ sub usage() return; } +sub update_domain() +{ + my $conf_file = $pki_instance_path . "/conf/CS.cfg"; + my $sport; + my $secport; + my $secselect; + my $typeval; + my $machinename; + my $subsytemnick; + + open(DAT, $conf_file) or die "Could not open CS.cfg file to update security domain"; + my @conf_data=; + foreach my $line (@conf_data) { + chomp($line); + (my $varname, my $valname) = split(/=/, $line); + if ($varname eq "service.securePort") { $sport = $valname; } + if ($varname eq "securitydomain.host") { $sechost = $valname; } + if ($varname eq "securitydomain.httpsport") { $secport = $valname; } + if ($varname eq "securitydomain.select") { $secselect = $valname; } + if ($varname eq "cs.type") { $typeval = $valname; } + if ($varname eq "machineName") { $machinename = $valname; } + if ($varname =~ /[a-z]*.subsystem.nickname/) { $subsystemnick = $valname; } + } + close(DAT); + + if ((!defined($sechost)) || (!defined($secport))) { + print (STDOUT "No security domain defined. If this is an unconfigured instance, then that is OK.\n" . + "Otherwise, manually delete the entry from the security domain master.\n" ); + return; + } + + if ($secselect ne "new") { + # This is not a domain master, so we need to update the master + print (STDOUT "Contacting the security domain master to update the security domain\n"); + my $listval = $typeval . "List"; + my $urlheader = "https://" . $sechost . ":" . $secport; + my $updateURL = "/ca/agent/ca/updateDomainXML"; + my $loginURL = "/ca/ee/ca/securityDomainLogin"; + my $cookieURL = "/ca/ee/ca/getCookie"; + + # Login to security domain + use LWP; + my $browser= LWP::UserAgent->new; + + #create pk12 files for client cert authentication + my $intpw; + my $pwfile = $pki_instance_path . "/conf/password.conf"; + open(DAT, $pwfile) or die "Could not open password.conf file to generate pk12 files."; + my @pw_data=; + foreach my $line (@pw_data) { + chomp($line); + (my $varname, my $valname) = split(/=/, $line); + if ($varname eq "internal") { $intpw = $valname; } + } + close($pwfile); + + my $tempfile = "/tmp/" . $$ . ".p12"; + my $dbpath = $pki_instance_path . "/alias"; + srand(time() ^($$ + ($$ <<15))) ; + my $p12pw = rand(); + + my @args = ("pk12util", "-d", $dbpath, "-o" , + $tempfile, "-n", $subsystemnick , "-K", $intpw, "-W", $p12pw ); + system(@args) == 0 or die "Could not generate pk12 file for client authentication."; + + #update domainXML + + $url = $urlheader . $updateURL; + #$ENV{HTTPS_DEBUG} = 1; + $ENV{HTTPS_PKCS12_FILE} = $tempfile; + $ENV{HTTPS_PKCS12_PASSWORD} = $p12pw; + + my $response = $browser->post( $url, + [ + 'name' => $pki_instance_name, + 'type' => $typeval, + 'list' => $listval, + 'host' => $machinename, + 'sport' => $sport, + 'operation' => 'remove' + ], + ); + + ($response->is_success) or die ("$url error: " . $response->status_line); + unlink $tempfile; + } +} # no args # return 1 - success, or @@ -247,6 +334,9 @@ ASK_AGAIN: $cleanup->open( "<$source_file_path" ) or die "Could not open file!\n"; + eval { update_domain(); }; + warn "Error updating security domain: " . $@ if $@; + my $file_mode = "file"; my @file_split; diff --git a/pki/base/util/src/com/netscape/cmsutil/xml/XMLObject.java b/pki/base/util/src/com/netscape/cmsutil/xml/XMLObject.java index 95cf8541c..e140c3098 100644 --- a/pki/base/util/src/com/netscape/cmsutil/xml/XMLObject.java +++ b/pki/base/util/src/com/netscape/cmsutil/xml/XMLObject.java @@ -158,4 +158,14 @@ public class XMLObject Result dest = new StreamResult(os); aTransformer.transform(src, dest); } + + public String toXMLString() throws TransformerConfigurationException, TransformerException { + TransformerFactory tranFactory = TransformerFactory.newInstance(); + Transformer transformer = tranFactory.newTransformer(); + Source src = new DOMSource(mDoc); + StreamResult dest = new StreamResult(new StringWriter()); + transformer.transform(src, dest); + String xmlString = dest.getWriter().toString(); + return xmlString; + } } -- cgit